Generate SCAP

The generate_scap.py script creates security compliance documents in SCAP (Security Content Automation Protocol) formats. These documents can be used with SCAP-compatible scanning tools.

Always Use the Correct Branch (mSCP 1.0)

Each macOS version has its own branch (sequoia, sonoma, ventura, etc.). Never use the main branch — it won’t work for generating content.

mSCP 2.0 (currently in beta) will remove the per-branch requirement and introduce easier installation methods.

---

Output Formats

Format	Description
SCAP	Complete SCAP 1.4 datastream (default)
XCCDF	eXtensible Configuration Checklist Description Format
OVAL	Open Vulnerability and Assessment Language

---

Generate SCAP Documents

1. List available baselines

   ./scripts/generate_scap.py -l

2. Generate SCAP for all rules

   ./scripts/generate_scap.py

3. Generate for a specific baseline

   ./scripts/generate_scap.py -b stig

4. Find your files

   Output is saved to build/:

   File	Description
   *_xccdf.xml	XCCDF document
   *_oval.xml	OVAL document
   *.xml	Complete SCAP datastream

---

Command Reference

Flag	Description
-l	List available baseline tags
-b BASELINE	Generate for a specific baseline
-x	Generate only XCCDF
-o	Generate only OVAL
-d FILE	Include DISA STIG references from file

---

SCAP References

• Security Content Automation Protocol (SCAP) 1.4
• National Checklist Program Repository

Note

A SCAP datastream typically includes XCCDF, OVAL, OCIL, and CPE dictionary documents combined into a single XML file.

---

Next Steps

• Generate Mapping - Create custom framework mappings
• How to Generate Guidance - Generate documentation from your baseline